Malicious libraries in package repositories reveal a fundamental security flaw

    Date: 17 Jul 2019
    Posted by: Brittany Day

    The proliferation of malicious packages in repositories for software developers that rely on typosquatting points to a problem: A reliance on flat namespaces.

    The PyPI package manager for Python developers contains malicious packages, researchers at security firm ReversingLabs found, according to a Wednesday blog post. The actual packages discovered are uninteresting—four packages by a developer named ruri12, one of which is libpeshnx, a package that attempts to download a file from a C2 server, save it in a user's home directory, and make it persist as a background process.

    It's theorized to be a development version of libpeshka, which was discovered by a researcher named Bertus and reported by ZDNet's Catalin Cimpanu last October. The C2 server was already offline by that point, making the whole package toothless, though its toothlessness makes it no less concerning.
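    Typosquatting works because a flat namespace gives a developer no signal that `libpeshnx` and `libpeshka` are two unrelated owners. The following pre-install check is an added example, not code from the article or from ReversingLabs: it normalises a requested package name the way PyPI does and flags anything within a small edit distance of a constructed allow-list of dependencies a team already trusts (the allow-list and the distance threshold are assumptions).

```python
"""Flag requested package names that look like typosquats of trusted ones."""
import re
from typing import List, Set, Tuple

# Constructed allow-list (assumption): in practice this would be generated
# from a reviewed lockfile or an internal mirror, not typed by hand.
KNOWN_GOOD: Set[str] = {"requests", "urllib3", "numpy", "django", "cryptography"}


def edit_distance(a: str, b: str) -> int:
    """Optimal-string-alignment distance: insert, delete, substitute, or
    transpose two adjacent characters each cost 1."""
    prev2: List[int] = []
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Transposition: a[i-2..i-1] == reversed b[j-2..j-1]
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def normalise(name: str) -> str:
    """PEP 503 name normalisation: case-fold, collapse runs of - _ . to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def check_name(requested: str, known_good: Set[str] = KNOWN_GOOD,
               max_dist: int = 2) -> Tuple[str, str]:
    """Return (verdict, closest_trusted_name).

    'known'      - exact match after normalisation
    'suspicious' - within max_dist edits of a trusted name: stop and review
    'unknown'    - not close to anything trusted: needs ordinary vetting
    """
    req = normalise(requested)
    trusted = {normalise(k): k for k in known_good}
    if req in trusted:
        return ("known", trusted[req])
    closest = min(trusted, key=lambda k: edit_distance(req, k))
    verdict = "suspicious" if edit_distance(req, closest) <= max_dist else "unknown"
    return (verdict, trusted[closest])
```

    The same distance function applied to the article's pair gives `edit_distance("libpeshnx", "libpeshka") == 2`, which is why a threshold of 2 is a reasonable starting point for a review gate.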
